Lucene search

45044 matches found

RedhatCVE
added 2025/09/12 4:32 p.m., 13 views

CVE-2025-43884

Dell PowerProtect Data Manager, versions 19.19 and 19.20, Hyper-V contains an Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Command...

CVSS 8.2, AI score 6.3, EPSS 0.00474
Exploits: 0, References: 1

RedhatCVE
added 2025/09/12 4:32 p.m., 12 views

CVE-2025-43885

Dell PowerProtect Data Manager, versions 19.19 and 19.20, Hyper-V contains an Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Command...

CVSS 7.8, AI score 6.5, EPSS 0.0054
Exploits: 0, References: 1

Vulnrichment
added 2025/09/12 1:46 p.m., 3 views

CVE-2025-10365 Authentication Bypass in Evertz SDVN

The Evertz SDVN 3080ipx-10G is a High Bandwidth Ethernet Switching Fabric for Video Application. This device exposes a web management interface on port 80. This web management interface can be used by administrators to control product features, set up network switching, and register license among...

CVSS 9.3, AI score 7.8, EPSS 0.74884
Exploits: 0, References: 1

Cvelist
added 2025/09/12 1:46 p.m., 11 views

CVE-2025-10365 Authentication Bypass in Evertz SDVN

The Evertz SDVN 3080ipx-10G is a High Bandwidth Ethernet Switching Fabric for Video Application. This device exposes a web management interface on port 80. This web management interface can be used by administrators to control product features, set up network switching, and register license among...

CVSS 9.3, EPSS 0.05781
Exploits: 0, References: 1

Cvelist
added 2025/09/12 10:15 a.m., 8 views

CVE-2025-10265 Digiever|NVR - OS Command Injection

Certain models of NVR developed by Digiever have an OS Command Injection vulnerability, allowing authenticated remote attackers to inject arbitrary OS commands and execute them on the device...

CVSS 8.8, EPSS 0.01144
Exploits: 0, References: 2

CNNVD
added 2025/09/12 12:0 a.m., 3 views

Wavlink WL-WN578W2 Command Injection Vulnerability

The Wavlink WL-WN578W2 is a wireless repeater from China's Wavlink. A command injection vulnerability exists in Wavlink WL-WN578W2 version 221110, which originates from the parameter ipaddr in the sub401340 function of the file /cgi-bin/login.cgi that fails to correctly filter the constructor...

CVSS 8.8, AI score 7.7, EPSS 0.06789
Exploits: 1, References: 6

CNNVD
added 2025/09/12 12:0 a.m., 1 view

Digiever NVR Operating System Command Injection Vulnerability

The Digiever NVR is a camera centralized management, video storage and surveillance device from Digiever Corporation of Taiwan, China. The Digiever NVR suffers from an operating system command injection vulnerability that originates from an unauthenticated remote attacker who can inject arbitrary...

CVSS 8.8, AI score 7.9, EPSS 0.01144
Exploits: 0, References: 2

CNNVD
added 2025/09/12 12:0 a.m., 5 views

Wavlink WL-WN578W2 Command Injection Vulnerability

The Wavlink WL-WN578W2 is a wireless repeater from China's Wavlink. A command injection vulnerability exists in Wavlink WL-WN578W2 version 221110; it stems from the parameters pingFrmWANFilterEnabled/blockSynFloodEnabled/blockPortScanEnabled/remoteManagementEnabled of the function...

CVSS 9.8, AI score 7.7, EPSS 0.08082
Exploits: 1, References: 5

Positive Technologies
added 2025/09/12 12:0 a.m., 4 views

PT-2025-37300

Name of the Vulnerable Software and Affected Versions: Digiever NVR (affected versions not specified). Description: Certain models of NVR developed by Digiever have an OS Command Injection vulnerability. This allows remote attackers to inject arbitrary OS commands and execute them on the device. Som...

CVSS 8.8, AI score 7.3, EPSS 0.01144
Exploits: 0, References: 15

RedhatCVE
added 2025/09/11 8:27 p.m., 12 views

CVE-2025-58768

DeepChat is a smart assistant that uses artificial intelligence. Prior to version 0.3.5, in the Mermaid chart rendering component, there is a risky operation of directly using innerHTML to set user content. Therefore, any malicious content rendered via Mermaid will directly trigger the exploit chain,...

CVSS 9.6, AI score 7, EPSS 0.00558
Exploits: 1, References: 1

RedhatCVE
added 2025/09/11 8:27 p.m., 5 views

CVE-2025-58180

OctoPrint provides a web interface for controlling consumer 3D printers. OctoPrint versions up until and including 1.11.2 contain a vulnerability that allows an authenticated attacker to upload a file under a specially crafted filename that will allow arbitrary command execution if said filename...

CVSS 8.8, AI score 7.2, EPSS 0.19313
Exploits: 4, References: 1

NVD
added 2025/09/11 7:15 p.m., 16 views

CVE-2025-59053

AIRI is a self-hosted, artificial intelligence based Grok Companion. In v0.7.2-beta.2 in the packages/stage-ui/src/components/MarkdownRenderer.vue path, the Markdown content is processed using the useMarkdown composable, and the processed HTML is rendered directly into the DOM using v-html. An...

CVSS 9.6, EPSS 0.00522
Exploits: 0, References: 2

CVE
added 2025/09/11 6:26 p.m., 32 views

CVE-2025-59053

Affected software and version: AIRI v0.7.2-beta.2 (Grok Companion) with vulnerable Markdown rendering in packages/stage-ui/src/components/MarkdownRenderer.vue and insecure MCP command interface. Root cause: Markdown is processed via useMarkdown and rendered with v-html without escaping, enabling ...

CVSS 9.6, AI score 5.8, EPSS 0.00522
Exploits: 0, References: 2

Vulnrichment
added 2025/09/11 6:26 p.m., 7 views

CVE-2025-59053 AIRI's character card/chat UI is vulnerable to XSS and can lead to RCE

AIRI is a self-hosted, artificial intelligence based Grok Companion. In v0.7.2-beta.2 in the packages/stage-ui/src/components/MarkdownRenderer.vue path, the Markdown content is processed using the useMarkdown composable, and the processed HTML is rendered directly into the DOM using v-html. An...

CVSS 9.6, AI score 5.8, EPSS 0.00522
Exploits: 0, References: 2

OSV
added 2025/09/11 6:26 p.m., 5 views

CVE-2025-59053 AIRI's character card/chat UI is vulnerable to XSS and can lead to RCE

AIRI is a self-hosted, artificial intelligence based Grok Companion. In v0.7.2-beta.2 in the packages/stage-ui/src/components/MarkdownRenderer.vue path, the Markdown content is processed using the useMarkdown composable, and the processed HTML is rendered directly into the DOM using v-html. An...

CVSS 9.6, AI score 6.1, EPSS 0.00522
Exploits: 0, References: 4

GithubExploit
added 2025/09/11 10:51 a.m., 304 views

Exploit for CVE-2025-42944

CVE-2025-42944 Due to a deserialization vulnerability in SAP...

CVSS 10, AI score 7.1, EPSS 0.02882
Exploits: 1

RedhatCVE
added 2025/09/11 12:16 a.m., 24 views

CVE-2025-57633

A command injection vulnerability in FTP-Flask-python through 5173b68 allows unauthenticated remote attackers to execute arbitrary OS commands. The /ftp.html endpoint's "Upload File" action constructs a shell command from the ftpfile parameter and executes it using os.system without sanitization ...

CVSS 9.8, AI score 8.3, EPSS 0.01468
Exploits: 0, References: 1

CNNVD
added 2025/09/11 12:0 a.m., 3 views

Project AIRI Code Injection Vulnerability

Project AIRI is an AI dialog bot open-sourced by moeru-ai. Project AIRI version 0.7.2-beta.2 suffers from a code injection vulnerability that stems from the MarkdownRenderer.vue component directly using v-html to render unescaped HTML content, which could lead to cross-site scripting attacks, as...

CVSS 9.6, AI score 6.7, EPSS 0.00522
Exploits: 0, References: 3

CNVD
added 2025/09/11 12:0 a.m., 2 views

Fortinet FortiDDoS-F Operating System Command Injection Vulnerability

Fortinet FortiDDoS-F is a distributed denial-of-service protection system from the U.S. company Fortinet. Fortinet FortiDDoS-F suffers from an operating system command injection vulnerability that stems from improper neutralization of special elements, which can be exploited by an attacker t...

CVSS 6.7, AI score 8.2, EPSS 0.00479
Exploits: 0, References: 1

CNVD
added 2025/09/11 12:0 a.m., 1 view

SAP NetWeaver Deserialization Vulnerability

SAP NetWeaver is a service-oriented integrated application platform from the German company SAP. The platform mainly provides a development and runtime environment for SAP applications. A deserialization vulnerability exists in SAP NetWeaver, which arises from unsafe deserialization of...

CVSS 10, AI score 7.5, EPSS 0.02882
Exploits: 1, References: 1